kylecarbs
commented
3 months ago Closed matifali closed 3 months ago
kylecarbs
commented
3 months ago 
matifali
commented
3 months ago Should we add a scheduled workflow to keep it in sync weekly or monthly? https://github.com/wei/pull looks promising
johnstcn
commented
3 months ago Kaniko has since updated to go1.22 which means we also need to do so. Unfortunately our codersdk deps prevent this right now (see: https://github.com/coder/coder/issues/11342). For now I'm going to manually vendor these in.
mtojek
commented
3 months ago @johnstcn Is there anything left here or can we resolve this issue?
johnstcn
commented
3 months ago @mtojek https://github.com/coder/kaniko/pull/7 is still un-merged. Some of the tests are failing partially due to some changes we have that upstream does not. However, all of our envbuilder tests appear to work fine with these changes.
Then https://github.com/coder/envbuilder/pull/195 can be updated and approved.
johnstcn
commented
3 months ago This is done now.
Coder's kaniko fork is outdated and prevents updating some of the dependencies that have vulnerabilities. Details can be seen here: https://github.com/coder/envbuilder/security/dependabot
This is a must-do before we launch 1.0 cc: @bpmct